[YLUG] Solving a general wireless security problem

mike cloaked mike.cloaked at gmail.com
Mon Jun 9 20:50:37 BST 2008


Here is a hypothetical situation, to which I wonder if all you
wireless security experts might be able to suggest an answer:

Harry Hacker has a linux laptop and sets it up to act as an open
Access Point and simulates the local genuine AP that he knows is
available in one of the station coffee shops, and runs an internal DNS
that will route calls to Philip Fisher's phishing web pages from site
names of major banks.

Harry then takes his fully charged laptop to the station and has a
coffee whilst he boots up the laptop and leaves it running.

A few tables away at the coffee shop Ian the Innocent fires up his
laptop, connects to the local wireless service, and decides to check
his bank statement to confirm that the payment he made to his credit
card account went through OK, and he is surprised that despite being
careful to put his account details and password in correctly the bank
site does not log him in but instead asks him for his details again.
He checks the location bar and all is well.
This time he logs in and checks his details which are fine.

Harry closes down his laptop and heads home.

Ian shuts down and catches his train. By the time he gets home 75% of
the balance of his account has been paid out to a third party account,
and he swears he never made any mistakes, or let anybody else have
access to his account or password information. He is finding it hard
to persuade the bank to reimburse him for his loss.

So of course Ian unwittingly connected to the man-in-the-middle Access
Point that directed his initial call to the bank to a false IP address
- but only the first time, which is sufficient to log the login details
- the site then passed control to the true bank site after that - and
it worked fine from that point on.

So the question is: How can a knowledgeable linux laptop user set up
his laptop to prevent such a man-in-the-middle attack via a spoofed
open AP? I never run wireless connections to Open APs but many do of
course.

Answers should be interesting!


-- 
mike
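One defender-side check a Linux laptop user could run right after joining an unknown open AP, added here as an example and not part of the original post: compare what the network-supplied resolver returns for a few bank hostnames against answers recorded out of band (say, at home over a wired connection), and flag any hostname that resolves to a LAN-scope address (a host sitting on the cafe network, as in the scenario above) or to an address outside the recorded set. The hostnames, addresses and reference answers below are constructed placeholders.

```python
import ipaddress

# Constructed sample data (not from the original post): what the AP's resolver
# answered for three bank hostnames, versus a trusted reference recorded earlier
# on a network we control.
LOCAL_ANSWERS = {
    "online.examplebank.test": "192.168.1.1",   # the cafe gateway itself: suspicious
    "secure.otherbank.test": "198.51.100.20",   # not in the recorded set: suspicious
    "www.thirdbank.test": "203.0.113.7",        # matches the reference
}
REFERENCE_ANSWERS = {
    "online.examplebank.test": {"203.0.113.50"},
    "secure.otherbank.test": {"198.51.100.10", "198.51.100.11"},
    "www.thirdbank.test": {"203.0.113.7"},
}

# Address ranges that can only denote a host on the local network, never a
# bank's public server: RFC 1918 private space, link-local and loopback.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "127.0.0.0/8")]


def is_local_scope(ip: str) -> bool:
    """True if ip lies in one of LAN_NETS (explicit list, so that documentation
    ranges such as 203.0.113.0/24 used in the sample data are not caught)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)


def check_answers(local: dict, reference: dict) -> dict:
    """Return {hostname: reason} for every hostname whose local answer looks spoofed."""
    flagged = {}
    for host, answer in local.items():
        if is_local_scope(answer):
            flagged[host] = f"resolves to LAN-scope address {answer}"
        elif host in reference and answer not in reference[host]:
            flagged[host] = f"{answer} not in recorded set {sorted(reference[host])}"
    return flagged


if __name__ == "__main__":
    for host, reason in check_answers(LOCAL_ANSWERS, REFERENCE_ANSWERS).items():
        print(f"WARNING {host}: {reason}")
```

A bank hostname resolving to a LAN-scope address is a strong signal, whereas a plain mismatch against the recorded set may just be the bank using several addresses; in either case the browser's TLS certificate validation for the bank's hostname remains the check that actually stops the phishing page from passing as the bank.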



More information about the York mailing list